Guest bitingsock

remote shutdown

12 posts in this topic

HI!

So here's the deal: my brother has gotten pretty good with AutoIt and he made a remote shutdown script. I, on the other hand, well, let's just say the limit to my skills is just about "leftclick(", "send(", and "sleep(".

Now, this shutdown script can shut down anyone on the network. My question is: is there a way I can block him from doing it to me, or a way I can immunize myself?

Help me! I'm gettin' kinda irritated. :)

Thx


HI!

So here's the deal: my brother has gotten pretty good with AutoIt and he made a remote shutdown script. I, on the other hand, well, let's just say the limit to my skills is just about "leftclick(", "send(", and "sleep(".

Now, this shutdown script can shut down anyone on the network. My question is: is there a way I can block him from doing it to me, or a way I can immunize myself?

Help me! I'm gettin' kinda irritated. :)

Thx

<{POST_SNAPBACK}>

Remote execution via RPC is only possible when you know an account that has Administrator privileges..... so, change the password of the account he knows.

This is not really an AutoIt function but you use a utility like PSEXEC or PSSHUTDOWN to accomplish this...

Another possibility is that your PC is "infected" with a script that is constantly running or launched via the task scheduler........



hmmm...

I don't think that's it...

would it help if I sent you the actual script?

and if so, how?


he can shut anyone down...

anyone on the network...

as an example: anyone at a LAN party.

just...does it


What if you change the admin password?

That should work.


he can shut anyone down...

anyone on the network...

as an example: anyone at a LAN party.

just...does it

<{POST_SNAPBACK}>

I don't think he can shut down anyone. Only those that:

1. have an admin account on their computer for which he knows the password

2. have not installed all security patches

Both things cannot be done with AutoIt alone. To stop him from doing it, you need to find out which of these he has done. This means changing the passwords for your accounts on your computer and installing all security updates, and then checking if there's anything left (try going to Start -> Run -> msconfig.exe and check if there's anything strange, and for that you need to know your computer).


www.zonelabs.com

get ZoneAlarm's firewall

and make sure YOU are the only account on your comp with admin access... and change the pass

I've been trying to do things remotely on a network where I have the domain (not enterprise) password and I haven't been able to get it to work yet :(



can u send me ur brother's script...

maybe it is useful for my work..

Afsar

hmmm...

I don't think that's it...

would it help if I sent you the actual script?

and if so, how?

<{POST_SNAPBACK}>


can u send me ur brother's script...

maybe it is useful for my work..

Afsar

<{POST_SNAPBACK}>

You can do that with PsTools... get it at www.sysinternals.com


hmmm...

I don't think that's it...

would it help if I sent you the actual script?

and if so, how?

<{POST_SNAPBACK}>

I would like to see the script. I could then tell you exactly what he is doing to be able to call those procedures. You can PM me if you would like.

JS



Remote execution via RPC is only possible when you know an account that has Administrator privileges..... so, change the password of the account he knows.

This is not really an AutoIt function but you use a utility like PSEXEC or PSSHUTDOWN to accomplish this...

Another possibility is that your PC is "infected" with a script that is constantly running or launched via the task scheduler........

<{POST_SNAPBACK}>

this is something personal for documentation

to operate with remote PCs, which tool is better, PsExec.exe or BeyondExec.exe, from www.sysinternals.com and www.beyondlogic.com, and please tell me the reason also?

I preferred psexec.exe but I have to write in documentation why I chose it..?

thanks for help


You haven't mentioned what OS yet.

Assuming Windows XP, here are some options:

1. Stop and disable the "Remote Procedure Call (RPC)" service.

or

2. Using GPEDIT.MSC

a. Under Computer Configuration -> Windows Settings -> Local Policies -> Audit Policy, change "Audit account logon events", "Audit logon events", and "Audit privilege use" to success AND failure. Attempts to access the computer will be logged in the Security Event Log. This will also give you ammunition to show your parents or whoever that your brother is doing stuff to piss you off. Of course, this is ludicrous since you should be getting him back, not "telling Mommy." :dance:

b. Under Computer Configuration -> Windows Settings -> Local Policies -> Audit Policy, remove "Everyone" from "Access this computer from the network." Assuming he doesn't have a local account on your computer, make this only "Authenticated Users" or "Administrators". Also remove all entries from the "Force shutdown from a remote system" policy. Keep the policy defined, but with no entries.

c. Once you've caught him in the Security log because of the auditing settings and know what account he's using, put that account in the "Deny access to this computer from the network" policy, unless of course it's Administrator or your account.

d. If you're still using Administrator, create yourself a new account, put it in the Administrators group, login under that ID, disable Administrator and rename it to something he won't guess.

3. Look for some corporate security hardening procedures on Google or Microsoft's website and implement them. They usually walk you through it step-by-step in case you don't think you'll know how to do it.

Good luck! :whistle:
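
An added example (not part of the thread and not the poster's own code): one way to check a machine against steps 2a and 2b of the post above is to export the local policy with `secedit /export /cfg policy.inf /areas SECURITYPOLICY USER_RIGHTS` and review the result. The sample export below is constructed, and the function name `review_policy` is an assumption made for this example; the INF keys and SIDs are the standard Windows ones, not values from the thread.

```python
import configparser

# Constructed sample in the layout written by `secedit /export` (assumption:
# real exports are UTF-16, so decode the file before passing its text in).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditLogonEvents = 1
AuditAccountLogon = 0
AuditPrivilegeUse = 3
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeRemoteShutdownPrivilege = *S-1-5-32-544
"""

EVERYONE = "*S-1-1-0"   # well-known SID for Everyone
AUDIT_BOTH = 3          # 1 = success, 2 = failure, 3 = success and failure
AUDIT_KEYS = {          # INF key -> policy name used in step 2a
    "AuditAccountLogon": "Audit account logon events",
    "AuditLogonEvents": "Audit logon events",
    "AuditPrivilegeUse": "Audit privilege use",
}

def review_policy(inf_text):
    """Return findings where the export differs from steps 2a and 2b."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case exactly as exported
    cp.read_string(inf_text)
    audit = cp["Event Audit"] if cp.has_section("Event Audit") else {}
    rights = cp["Privilege Rights"] if cp.has_section("Privilege Rights") else {}

    def sids(key):
        # A right that is defined but empty yields an empty list.
        return [s.strip() for s in rights.get(key, "").split(",") if s.strip()]

    findings = []
    for key, name in AUDIT_KEYS.items():
        if int(audit.get(key, "0")) != AUDIT_BOTH:
            findings.append(f'"{name}" is not set to success and failure')
    if EVERYONE in sids("SeNetworkLogonRight"):
        findings.append('Everyone holds "Access this computer from the network"')
    holders = sids("SeRemoteShutdownPrivilege")
    if holders:
        findings.append('"Force shutdown from a remote system" is granted to: '
                        + ", ".join(holders))
    return findings

if __name__ == "__main__":
    for finding in review_policy(SAMPLE_INF):
        print("FINDING:", finding)
```

An empty result means the export matches the audit and user-rights settings the post recommends; it says nothing about account passwords or missing patches, which the earlier replies cover.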


